Dbd::pg Security Vulnerabilities

redhat

(RHSA-2023:5485) Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 8

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes....

9.4 AI Score

0.004 EPSS

2023-10-05 08:11 PM
28
redhat

(RHSA-2023:5484) Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 7

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes....

9.4 AI Score

0.004 EPSS

2023-10-05 08:11 PM
27
nessus

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 7 (Important) (RHSA-2023:5484)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5484 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

9.8 CVSS

8.2 AI Score

0.004 EPSS

2023-10-05 12:00 AM
38
nessus

Hitachi Energys RTU500 Series Product Out-of-Bounds Read (CVE-2022-23937)

A vulnerability exists in the Wind River VxWorks version 6.9 that affects the RTU500 series product versions listed below. RTU500 series CMU Firmware versions 12.0.1 – 12.0.14 12.2.1 – 12.2.11 12.4.1 – 12.4.11 12.6.1 – 12.6.8 12.7.1 – 12.7.5 13.2.1 – 13.2.5 13.3.1 – 13.3.3 13.4.1 In Wind River...

7.5 CVSS

7.6 AI Score

0.001 EPSS

2023-09-29 12:00 AM
5
githubexploit

9.8 CVSS

7.9 AI Score

0.966 EPSS

2023-09-26 05:56 PM
231
ics

Siemens SIMATIC IPCs

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

6.5 CVSS

6.5 AI Score

0.001 EPSS

2023-09-14 12:00 PM
18
githubexploit

Exploit for CVE-2022-32862

5.5 CVSS

5.5 AI Score

0.001 EPSS

2023-09-13 06:29 PM
524
schneier

On Robots Killing People

The robot revolution began long ago, and so did the killing. One day in 1979, a robot at a Ford Motor Company casting plant malfunctioned--human workers determined that it was not going fast enough. And so twenty-five-year-old Robert Williams was asked to climb into a storage rack to help move...

6.8 AI Score

2023-09-11 11:04 AM
14
openbugbounty

pg-leonardo.cz Cross Site Scripting vulnerability OBB-3667121

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-09-11 02:41 AM
13
openbugbounty

pg-rain.de Cross Site Scripting vulnerability OBB-3651298

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-09-06 06:39 AM
7
rocky

ruby:2.7 security, bug fix, and enhancement update

An update is available for module.rubygem-abrt, rubygem-mysql2, module.rubygem-pg, module.rubygem-bson, ruby, rubygem-bson, rubygem-pg, rubygem-mongo, module.rubygem-mysql2, rubygem-abrt, module.ruby, module.rubygem-mongo. This update affects Rocky Linux 8. A Common Vulnerability Scoring System...

8.8 CVSS

6.8 AI Score

0.004 EPSS

2023-08-31 04:54 PM
30
nessus

Rocky Linux 8 : ruby:2.7 (RLSA-2023:3821)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:3821 advisory. The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications...

8.8 CVSS

6.4 AI Score

0.004 EPSS

2023-08-31 12:00 AM
38
nessus

Amazon Linux 2023 : bouncycastle, bouncycastle-javadoc, bouncycastle-mail (ALAS2023-2023-280)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-280 advisory. Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509...

5.3 CVSS

6.9 AI Score

0.001 EPSS

2023-08-14 12:00 AM
15
packetstorm

7.1 AI Score

2023-08-14 12:00 AM
143
nessus

AlmaLinux 8 : ruby:2.7 (ALSA-2021:2584)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:2584 advisory. An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not...

7.5 CVSS

7 AI Score

0.003 EPSS

2023-08-07 12:00 AM
10
nessus

AlmaLinux 8 : ruby:2.6 (ALSA-2021:2588)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:2588 advisory. Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. (CVE-2019-15845) ...

8.1 CVSS

8 AI Score

0.019 EPSS

2023-08-07 12:00 AM
8
thn

Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023

About 34% of security vulnerabilities impacting industrial control systems (ICSs) that were reported in the first half of 2023 have no patch or remediation, registering a significant increase from 13% the previous year. According to data compiled by SynSaber, a total of 670 ICS product flaws were.....

7.6 AI Score

2023-08-02 12:55 PM
26
kitploit

Bashfuscator - A Fully Configurable And Extendable Bash Obfuscation Framework

Documentation What is Bashfuscator? Bashfuscator is a modular and extendable Bash obfuscation framework written in Python 3. It provides numerous different ways of making Bash one-liners or scripts much more difficult to understand. It accomplishes this by generating convoluted, randomized Bash...

7.1 AI Score

2023-07-26 01:41 PM
14
packetstorm

7.1 AI Score

2023-07-20 12:00 AM
91
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : bouncycastle (SUSE-SU-2023:2843-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2843-1 advisory. Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability...

5.3 CVSS

6.9 AI Score

0.001 EPSS

2023-07-18 12:00 AM
14
openvas

SUSE: Security Advisory (SUSE-SU-2023:2843-1)

The remote host is missing an update for...

5.3 CVSS

6.5 AI Score

0.001 EPSS

2023-07-17 12:00 AM
8
nessus

Oracle Linux 8 : ruby:2.7 (ELSA-2023-3821)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3821 advisory. A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific...

8.8 CVSS

7.2 AI Score

0.004 EPSS

2023-07-13 12:00 AM
8
oraclelinux

ruby:2.7 security, bug fix, and enhancement update

ruby [2.7.8-139] - Upgrade to Ruby 2.7.8. Resolves: rhbz#2149262 - Fix HTTP response splitting in CGI. Resolves: CVE-2021-33621 - Fix ReDoS vulnerability in URI. Resolves: CVE-2023-28755 - Fix ReDoS vulnerability in Time. Resolves: CVE-2023-28756 rubygem-abrt [0.4.0-1] - Update to abrt...

8.8 CVSS

7 AI Score

0.004 EPSS

2023-07-08 12:00 AM
12
nessus

AlmaLinux 8 : ruby:2.7 (ALSA-2023:3821)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3821 advisory. The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that...

8.8 CVSS

7.8 AI Score

0.004 EPSS

2023-06-29 12:00 AM
7
redhat

(RHSA-2023:3821) Moderate: ruby:2.7 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (2.7). (BZ#2189465) Security Fix(es): ruby/cgi-gem: HTTP response...

6.9 AI Score

0.004 EPSS

2023-06-27 01:35 PM
19
nessus

RHEL 8 : ruby:2.7 (RHSA-2023:3821)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3821 advisory. ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) ruby: ReDoS vulnerability in URI (CVE-2023-28755) ruby: ReDoS...

8.8 CVSS

7.7 AI Score

0.004 EPSS

2023-06-27 12:00 AM
12
nessus

CentOS 8 : ruby:2.7 (CESA-2023:3821)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:3821 advisory. The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications...

8.8 CVSS

6.6 AI Score

0.004 EPSS

2023-06-27 12:00 AM
5
almalinux

Moderate: ruby:2.7 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (2.7). (BZ#2189465) Security Fix(es): ruby/cgi-gem: HTTP response...

8.8 CVSS

6.9 AI Score

0.004 EPSS

2023-06-27 12:00 AM
19
openbugbounty

pg-pak.com Cross Site Scripting vulnerability OBB-3433547

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-06-15 12:37 PM
7
packetstorm

7.1 AI Score

2023-06-09 12:00 AM
156
openbugbounty

pg-a.co.jp Cross Site Scripting vulnerability OBB-3380712

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-06-03 05:02 PM
8
nessus

Oracle Linux 8 : kernel (ELSA-2023-2951)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2951 advisory. cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read)...

8.7 AI Score

0.002 EPSS

2023-05-24 12:00 AM
8
nessus

AlmaLinux 8 : kernel-rt (ALSA-2023:2736)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2736 advisory. Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341) When...

8.7 AI Score

EPSS

2023-05-20 12:00 AM
4
nessus

AlmaLinux 8 : kernel (ALSA-2023:2951)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2951 advisory. Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341) When...

8.7 AI Score

EPSS

2023-05-20 12:00 AM
12
rapid7blog

Introducing: ‘Saved Filters’ in InsightCloudSec

Last year, when we launched Layered Context in InsightCloudSec, we knew we had something great on our hands. Not just because we provided a single view for cloud security practitioners to see their full cloud risk posture (though, if we do say so ourselves, that’s pretty sweet). No, we knew we had....

6.7 AI Score

2023-05-18 08:04 PM
32
nessus

RHEL 8 : kernel (RHSA-2023:2951)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2951 advisory. Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage....

8.7 AI Score

EPSS

2023-05-17 12:00 AM
14
nessus

RHEL 8 : kernel-rt (RHSA-2023:2736)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2736 advisory. Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage....

8.7 AI Score

EPSS

2023-05-16 12:00 AM
10
nessus

Oracle Linux 9 : kernel (ELSA-2023-2458)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2458 advisory. A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function...

8.4 AI Score

EPSS

2023-05-15 12:00 AM
20
nessus

AlmaLinux 9 : kernel (ALSA-2023:2458)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2458 advisory. Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341) When...

8.2 AI Score

EPSS

2023-05-14 12:00 AM
8
nessus

AlmaLinux 9 : kernel-rt (ALSA-2023:2148)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2148 advisory. Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341) When...

8.2 AI Score

EPSS

2023-05-14 12:00 AM
7
nessus

RHEL 9 : kernel-rt (RHSA-2023:2148)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2148 advisory. Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage....

8.3 AI Score

EPSS

2023-05-13 12:00 AM
9
nessus

RHEL 9 : kernel (RHSA-2023:2458)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2458 advisory. Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage....

8.4 AI Score

EPSS

2023-05-13 12:00 AM
10
redhat

(RHSA-2023:2097) Important: Satellite 6.13 Release

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix(es): * CVE-2022-1471 CVE-2022-25857 CVE-2022-38749 CVE-2022-38750 CVE-2022-38751...

8.2 AI Score

0.972 EPSS

2023-05-03 01:09 PM
117
nessus

Siemens Industrial Products Intel CPUs Missing Encryption of Sensitive Data (CVE-2020-12357)

Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

7.3 AI Score

0.0004 EPSS

2023-05-02 12:00 AM
13
packetstorm

6.9 AI Score

2023-05-02 12:00 AM
165
nessus

Siemens Industrial Products Intel CPUs Missing Encryption of Sensitive Data (CVE-2020-12360)

Out of bounds read in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

7.8 AI Score

0.0004 EPSS

2023-05-02 12:00 AM
4
nessus

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.6.2)

The version of AOS installed on the remote host is prior to 6.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.6.2 advisory. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain...

8.7 AI Score

EPSS

2023-04-27 12:00 AM
11
osv

CVE-2022-27979

A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body...

5.4 CVSS

5.9 AI Score

0.001 EPSS

2023-04-26 04:15 PM
5
osv

CVE-2022-27978

Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP...

7.5 CVSS

7 AI Score

0.001 EPSS

2023-04-26 04:15 PM
4
openbugbounty

pg-rain.de Cross Site Scripting vulnerability OBB-3268145

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

5.9 AI Score

2023-04-19 06:01 PM
8
Total number of security vulnerabilities: 3518